DOCSLIB.ORG

Koobface on Facebook: How Malicious Contents Sneak Into Social Networking

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Koobface on Facebook: How Malicious Contents Sneak Into Social Networking Koobface on Facebook: How malicious contents sneak into social networking Mohammad Reza Faghani Outline Introduction Trend of Web malware Social networks malware What is XSS !? Potentials of XSS Worms Social Networks XSS worm propagation ClickJacking malware propagation Trojan malware propagation Summarizing the results from various studies Recent study results Our proposed scheme for malware detection Conclusion Introduction Four key threats to consider Spam Bugs Denial of Service Malicious Software (malware) Propagate via Spam Viruses, Worms, Trojans, SpyWare Exploits bugs ScareWare, … Mount DOS Introduction (cont.) Why is malware so important to study? Privacy and security issues Cyber War Stuxnet, Predator Drone ISPs struggle under virus generated traffic Cyber Criminals make a lot of money Hidden costs Reputation Introduction (cont.) Malware is propagated via Email P2P networks Vulnerable OS services Mobile phones Web Can even be Hybrid Trends of Web malware Web malware Most people frequently use Web Population of the victims are much larger than other types of malware. Social networks are popular among people No barriers for web users Malware writers prefer to exploit Web users Suppose each active user has on average 80% of web servers have critical vulnerabilities such as XSS (will128kbps discuss of bandwidth,XSS later) potential of 10 percent of active users is : Aggregated traffic80Mx128kbps= of the web 10 users’ Tbps browser would be huge Social networks malware Samy could affect 1200000 over 1 million people Code Red I 1000000 1000000 Code Red II in less that 20 hours. Slammer 800000 Blaster MySpace was the Samy first but : 600000 Sina, July 2011 400000 359000 336000 275000 FB on March 29, 2011 200000 ClickJacking types 55000 Almost everyday 0 Twitter on Sep. 2010 … Propagation of a Malware Why studying malware ? To have a better understanding of propagation behaviors Damage assessment Providing enough traffic to avoid Denial of Service Detecting the weaknesses of spreading How we can counter-measure in the best way Social networks malware We can consider three main types of social networks malware attacks: XSS worms e.g. Samy Trojans e.g. Koobface ClickJacking types Forced like Can lead to DriveByDownloads malware What is XSS !? Cross Site Scripting (XSS) is a common vulnerability in web applications. Has two types: Reflected Stored Reflected XSS Application reflects exactly what it gets from the user. user may inject a harmful script Stored XSS Attacker stores a harmful script in the application database for further exploitation. Comments Forum talks FB Wall XSS + AJAX = w0rm XSS threat becomes more noticeable due to the combination of HTML and AJAX technology. AJAX allows browsers to issue HTTP requests on behalf of the user. No need for the attacker to deceive the victim to click on a special crafted link! XSS worm propagation XSS worm propagation consists of the following two steps: Download A visitor downloads (views) an infected profile and automatically executes the JavaScript payload. Propagation The payload is extracted from the contents of the profile being viewed and then added to the viewer’s profile. ClickJacking Worm Propagation Unwittingly clicking on a hidden like button and more friends get infected… Trojan Propagation Then they post a similar link on the victim’s profile or send private messages to friends of the victim containing the malicious link. Sometimes, they ask you to download the appropriate decoder to play the movie, which is indeed the Trojan itself. Research on OSN malware Three main papers on OSN malware propagation (in chronological order): [1] Faghani M. R., Saidi H., “Malware Propagation in Online Social networks”, Malware09, Montreal, 2009. [2] W. Xu, F. Zhang, and S. Zhu., “Toward worm detection in online social networks”, (ACSAC), 2010. [3] Guanhua Y., Guanling . And et al. , “Malware Propagation in Online Social Networks: Nature, Dynamics, and Defense Implications, (ASIACCS'11), March 2011. Result Summary (from simulations) Social network structure itself slows down the worm propagation. 10000 9000 8000 Random (q=0.9) Small World (q=0.9) 7000 6000 5000 4000 3000 Total Number of Infected profiles 2000 1000 0.5 1 1.5 2 2.5 3 5 Number of Visits x 10 Result summary (cont.) User activities play an important role. 10000 9000 q=1 8000 q=0.9 q=0.7 7000 q=0.5 q=0.3 6000 q=0.1 5000 4000 3000 Total Numer of Infected profiles 2000 1000 0.5 1 1.5 2 2.5 3 3.5 4 5 NumberNumbe of Visitsvisits x 10 Result summary (cont.) Trojan type spreads faster than XSS 10000 9000 8000 XSS Koobface, p=0.5 7000 Koobface, p=0.7 6000 5000 4000 3000 Total Number of Infected profiles 2000 1000 0 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 4 Times in minutes x 10 Result summary (cont.) Effect of Clustering coefficient is linear 5 x 10 1.75 1.7 1.65 1.6 1.55 1.5 Time required to have the whole population infected 0.1 0.105 0.11 0.115 0.12 0.125 0.13 0.135 0.14 0.145 0.15 Clustering Coefficent Result summary (cont.) Effect of Infection Probability is exponential 5 x 10 10 9 8 7 6 5 4 3 2 Time required to have the whole population infected 1 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Probability of Executing the malware Recent Results (1) Considering cliques Those who have common interests create a group. 10000 A1 w ith 1 Clique 9000 C w ith 1 Clique A1 w ith 2 Cliques 8000 C w ith 2 Cliques 7000 6000 5000 4000 3000 Total Number of Infected 2000 1000 0 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 5 Total Number of Visits x 10 Recent Results (2) Considering overlapping cliques: 10000 9000 2 Cliques + 1 Common Clique 3 Cliques 8000 3 Cliques + 1 Common Clique 4 Cliques 7000 6000 5000 4000 3000 Total Number of Infected 2000 1000 0 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 5 Total Number of Visits x 10 Proposed Defense System Identify big cliques Among them distinguish those users who are connected to different cliques. Implement decoy friends or other detection mechanisms to detect malicious behaviors. It is more efficient than current Facebook classifier system. Conclusion User relationship structure plays an important role in malware propagation. User activities affect speed of propagation. Propagation of XSS types is slower than that of Trojan types. A new defense mechanism can be built using OSN graph topology. Acknowledgement Thank you Any Question ? .
Load more

Recommended publications
  • A the Hacker
    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
    [Show full text]
  • Cross Site Scripting Attacks Xss Exploits and Defense.Pdf
    436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 436_XSS_FM.qxd 4/20/07 1:18 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and deliv- ering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional mate- rials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value- added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations.
    [Show full text]
  • PLTW Computer Science Principles
    Computer Science Virtual Learning PLTW Computer Science Principles April 29, 2020 Computer Science Principles Lesson: April 29, 2020 Learning Target: The goal of this lesson is for students to personally invest in maintaining online security and to improve their personal cybersecurity hygiene. Students focus on cybersecurity from the perspectives of the user, the software developer, businesses, the nation, and the citizen. Introduction With current health crisis, now like no other time in history, our nation has a dire need for people – as employees, citizens, and consumers–to practice good hygiene, hand washing, etc. But what does cyber-hygiene that mean? Why is it so important? What are the worst-case consequences of not practicing good cyber-hygiene? Write your thoughts in your notebook and discuss your ideas with your family and friends. Watch this Video: What is Cyber-Hygiene? Practice:Cyber-Ethics Consider the following two scenarios. In each scenario, decide if Rob has behaved unethically. If his action was unethical, explain why and describe what you think the consequences might be. If his action was ethical, describe what additional actions would have crossed the line into unethical behavior. Write your thoughts for each scenario in your notebook. Compare your answers with the links provided Practice:Cyber-Ethics Scenario 1 Rob is sitting next to Tanya, who is entering a password on a website. Rob watches her type and memorizes her password. He uses it once to see if it really was her password and immediately logs out. He never uses it again. Compare your answers here Practice:Cyber-Ethics Scenario 2 Rob is given access to a computing network.
    [Show full text]
  • Anti-Virus Issues, Malicious Software and Internet Attacks for Non-Technical Audiences
    Known Knowns, Known Unknowns and Unknown Unknowns: Anti-virus issues, malicious software and Internet attacks for non-technical audiences By Daniel Bilar Introduction [Heading] The risks associated with the internet have changed significantly. A recent study claims that a typical Microsoft Windows machine is subjected to autonomous infiltration attempts - not just mere pings and probes - from worms and botnets looking for clients once every six minutes.1 Stealth – not exhibitionism or hubris – characterizes this breed of attacks and concomitantly deployed malicious software. Unbeknownst even to experienced human operators, surreptitious attacks are able to insert malicious code deep within the bowels of individual computers and the wider supporting internet communication and control infrastructure such as wireless access points, home routers, and domain name servers.2 In addition to stealth, social engineering via e-mail, Instant 1 Gabor Szappanos, ‘A Day in the Life of An Average User’, Virus Bulletin, January 2009, 10-13, available at http://www.virusbtn.com/. 2 Most users do not bother to change the default passwords on home devices such as routers. Browser vulnerabilities can then be exploited by malicious software to alter the DNS settings of the router, thereby directing any name lookup query to a DNS of the attacker’s choice. This may be used to spoof a bank web site, for instance. See Sid Stamm, Zulfikar Ramzan and Markus Jakobsson, ‘Drive-By Pharming’, Lecture Notes in Computer Science 4861, (Springer, 2007), 495-506 and Hristo Bojinov, Elie Bursztein, Eric Lovett and Dan Boneh, ‘Embedded Management Interfaces: Emerging Massive Insecurity’, Blackhat Technical Briefing, Blackhat USA 2009 (Las Vegas, USA, August 2009), available at http://www.blackhat.com/presentations/bh-usa- 09/BOJINOV/BHUSA09-Bojinov-EmbeddedMgmt-PAPER.pdf.
    [Show full text]
  • Security and Privacy Implications of Third-Party Access to Online Social Networks
    Die approbierte Originalversion dieser Dissertation ist in der Hauptbibliothek der Technischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at The approved original version of this thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Security and Privacy Implications of Third-Party Access to Online Social Networks PhD THESIS submitted in partial fulfillment of the requirements of Doctor of Technical Sciences within the Vienna PhD School of Informatics by Markus Huber, M.Sc. Registration Number 0306665 to the Faculty of Informatics at the Vienna University of Technology Advisor: Privatdoz. Dipl.-Ing. Mag.rer.soc.oec. Dr.techn. Edgar Weippl Second advisor: o.Univ.Prof. Dipl.Ing. Dr. A Min Tjoa External reviewers: Assoc. Prof. Dr. Engin Kirda. Northeastern University, USA. Prof. Dr. Stefan Katzenbeisser. Technische Universität Darmstadt, Germany. Wien, 27.08.2013 (Signature of Author) (Signature of Advisor) Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Declaration of Authorship Markus Huber, M.Sc. Burggasse 102/8, AT-1070 Vienna, Austria I hereby declare that I have written this Doctoral Thesis independently, that I have com- pletely specified the utilized sources and resources and that I have definitely marked all parts of the work - including tables, maps and figures - which belong to other works or to the internet, literally or extracted, by referencing the source as borrowed. (Vienna, 27/08/2013) (Signature of Author) i Acknowledgements I am grateful to my supervisor Edgar R. Weippl for his excellent mentoring over the course of my postgraduate studies and for giving me the freedom to pursue my own research ideas.
    [Show full text]
  • Chapter Malware, Vulnerabilities, and Threats
    Chapter Malware, Vulnerabilities, and 9 Threats THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: ✓ 3.1 Explain types of malware. ■ Adware ■ Virus ■ Spyware ■ Trojan ■ Rootkits ■ Backdoors ■ Logic bomb ■ Botnets ■ Ransomware ■ Polymorphic malware ■ Armored virus ✓ 3.2 Summarize various types of attacks. ■ Man-in-the-middle ■ DDoS ■ DoS ■ Replay ■ Smurf attack ■ Spoofing ■ Spam ■ Phishing ■ Spim ■ Vishing ■ Spear phishing ■ Xmas attack ■ Pharming ■ Privilege escalation ■ Malicious insider threat ■ DNS poisoning and ARP poisoning ■ Transitive access ■ Client-side attacks ■ Password attacks: Brute force; Dictionary attacks; Hybrid; Birthday attacks; Rainbow tables ■ Typo squatting/URL hijacking ■ Watering hole attack ✓ 3.5 Explain types of application attacks. ■ Cross-site scripting ■ SQL injection ■ LDAP injection ■ XML injection ■ Directory traversal/command injection ■ Buffer overflow ■ Integer overflow ■ Zero-day ■ Cookies and attachments; LSO (Locally Shared Objects); Flash Cookies; Malicious add-ons ■ Session hijacking ■ Header manipulation ■ Arbitrary code execution/remote code execution ✓ 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities. ■ Interpret results of security assessment tools ■ Tools: Protocol analyzer; Vulnerability scanner; Honeypots; honeynets; Port scanner; Passive vs. active tools; Banner grabbing ■ Risk calculations: Threat vs. likelihood ■ Assessment types: Risk; Threat; Vulnerability ■ Assessment technique: Baseline reporting; Code review; Determine attack surface; Review architecture; Review designs ✓ 4.1 Explain the importance of application security controls and techniques. ■ Cross-site scripting prevention ■ Cross-site Request Forgery (XSRF) prevention ■ Server-side vs. client-side validation As we discussed in Chapter 1, “Measuring and Weighing Risk,” everywhere you turn there are risks; they begin the minute you fi rst turn on a computer and they grow exponen- tially the moment a network card becomes active.
    [Show full text]
  • Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-Site Scripting Martin Johns
    Dissertation zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting Martin Johns Eingereicht an der Fakult¨atf¨urInformatik und Mathematik der Universit¨atPassau Gutachter: Prof. Dr. Joachim Posegga Prof. Dr. Dieter Gollmann Submitted April 14th 2009, defended July 22nd 2009 2 Abstract The majority of all security problems in today’s Web applications is caused by string- based code injection, with Cross-site Scripting (XSS) being the dominant representative of this vulnerability class. This thesis discusses XSS and suggests defense mechanisms. We do so in three stages: First, we conduct a thorough analysis of JavaScript’s capabilities and explain how these capabilities are utilized in XSS attacks. We subsequently design a systematic, hierarchical classification of XSS payloads. In addition, we present a comprehensive sur- vey of publicly documented XSS payloads which is structured according to our proposed classification scheme. Secondly, we explore defensive mechanisms which dynamically prevent the execution of some payload types without eliminating the actual vulnerability. More specifically, we discuss the design and implementation of countermeasures against the XSS payloads “Session Hijacking”, “Cross-site Request Forgery”, and attacks that target intranet re- sources. We build upon this and introduce a general methodology for developing such countermeasures: We determine a necessary set of basic capabilities an adversary needs for successfully executing an attack through an analysis of the targeted payload type. The resulting countermeasure relies on revoking one of these capabilities, which in turn renders the payload infeasible. Finally, we present two language-based approaches that prevent XSS and related vul- nerabilities: We identify the implicit mixing of data and code during string-based syn- tax assembly as the root cause of string-based code injection attacks.
    [Show full text]
  • 1. 9002 2. Adore 3. Agobot 4. Alina 5. Allaple 6. Alureon 7. Andromeda 8
    LISTA DE CÓDIGO MALICIOSO PARA EL EJERCICIO 2 OJO: En algunos casos los nombres hacen referencia al resultado de la ejecución del código malicioso o la aplicación a la que afecta, además de al código malicioso en sí (por ejemplo, hacen referencia a un troyano y a la botnet creada con él o al programa que instala). 1. 9002 44. Bytverify 86. Gaobot 2. Adore 45. Carberp 87. Gapz 3. Agobot 46. ChePro 88. Geinimi 4. Alina 47. Chernobyl 89. Gh0st 5. Allaple 48. Citadel 90. Ghostball 6. Alureon 49. Citifraud 91. Gingermaster 7. Andromeda 50. Clippo 92. Gozi 8. Animal 51. CodeRed 93. Graybird 9. Anna-Kournikova 52. Commwarrior 94. Happy99 11. Arcom 53. Conficker 95. HellRaiser 12. Ardamax 54. Cookies 96. Hikit 13. Asprox 55. Coswid 97. Hiloti 14. Avatar 56. Creeper 98. HOIC 15. Back Orifice 57. Cryptolocker 99. Horst 16. Badtrans 58. Cutwail 100. Hotbar 17. Bagle 59. CyberGate 101. Hupigon 18. Bamital 60. Dalbot 102. Ikee 19. Banbra 61. DarkComet 103. ILoveYou 20. Bandook 62. Darkmegi 104. Imaut 21. BaneChant 63. DaVinci 105. IXESHE 22. Banload 64. Daws 106. JBOSS 23. Barrotes 65. Depyot 107. Joshi 24. Beast 66. Destory 108. Kak 25. Beebone 67. Dexter 109. Karagany 26. Beebus 68. DirDel 110. Kelihos 27. Benjamin 69. DirtJumper 111. Kenzero 28. Bifrose 70. Distrack 112. Klez 29. Bitcoinminer 71. DNSChanger 113. Koobface 30. Blaster 72. Dokstormac 114. Krbanker 31. Blazebot 73. Dozer 115. Krotten 32. Bohmini 74. Droiddream 116. Kuluoz 33. Bohu 75. BlackPOS 117. Laroux 34. Bolgimo 76. Duqu 118. Leap 35. Boran 77.
    [Show full text]
  • Genetic Algorithm Application in Information Security Systems
    VILNIUS GEDIMINAS TECHNICAL UNIVERSITY Nikolaj GORANIN GENETIC ALGORITHM APPLICATION IN INFORMATION SECURITY SYSTEMS DOCTORAL DISSERTATION TECHNOLOGICAL SCIENCES, INFORMATICS ENGINEERING (07T) Vilnius 2010 Doctoral dissertation was prepared at Vilnius Gediminas Technical University in 2006–2010. Scientific Supervisor Prof Dr Habil Antanas ČENYS (Vilnius Gediminas Technical University, Technological Sciences, Informatics Engineering – 07T). VGTU leidyklos TECHNIKA 1756-M mokslo literat ūros knyga http://leidykla.vgtu.lt ISBN 978-9955-28-588-5 © VGTU leidykla TECHNIKA, 2010 © Nikolaj Goranin, 2010 [email protected] VILNIAUS GEDIMINO TECHNIKOS UNIVERSITETAS Nikolaj GORANIN GENETINI Ų ALGORITM Ų TAIKYMAS INFORMACIJOS SAUGOS SISTEMOSE DAKTARO DISERTACIJA TECHNOLOGIJOS MOKSLAI, INFORMATIKOS INŽINERIJA (07T) Vilnius 2010 Disertacija rengta 2006–2010 metais Vilniaus Gedimino technikos universitete. Mokslinis vadovas prof. habil. dr. Antanas ČENYS (Vilniaus Gedimino technikos universitetas, technologijos mokslai, informatikos inžinerija – 07T). Abstract Information infrastructure protection against malicious software, such as vi- ruses, Internet worms and botnets is a crucial task that requires development and implementation of both reactive, such as patches, removal tools, antivirus soft- ware updates and proactive, such as countermeasure planning in advance, meas- ures. Success of these measures application highly depends on reaction time and understanding of malware evolution trends respectively. Reaction time should be directly proportional
    [Show full text]
  • A Study of Malware Propagation Via Online Social Networking
    A Study of Malware Propagation via Online Social Networking Mohammad Reza Faghani and Uyen Trang Nguyen Abstract The popularity of online social networks (OSNs) have attracted malware creators who would use OSNs as a platform to propagate automated worms from one user’s computer to another’s. On the other hand, the topic of malware propaga- tion in OSNs has only been investigated recently. In this chapter, we discuss recent advances on the topic of malware propagation by way of online social networking. In particular, we present three malware propagation techniques in OSNs, namely cross site scripting (XSS), Trojan and clickjacking types, and their characteristics via analytical models and simulations. 1 Introduction Online social networks (OSNs) such as Facebook, Twitter and MySpace have pro- vided hundreds of millions of people worldwide with a means to connect and com- municate with their friends, family and colleagues geographically distributed all around the world. The popularity and wide spread usage of OSNs have also attracted attackers and hackers who would use OSNs as a platform to propagate automated worms from one user’s computer to another’s. The population of potential victims of web-based malware is much larger than that of other types of worms due to the popularity of the world wide web. In ad- dition, web-based worms are not banned through web proxies and network address translation (NAT) processes. Research has shown that web-based malware can prop- agate much faster than traditional malware [13]. As a matter of fact, the first OSN Mohammad Reza Faghani York University, Department of Computer Science and Engineering, Toronto, ON, Canada, M3J 1P3 e-mail: [email protected] Uyen Trang Nguyen York University, Department of Computer Science and Engineering, Toronto, ON, Canada, M3J 1P3 e-mail: [email protected] 1 2 Mohammad Reza Faghani and Uyen Trang Nguyen worm that hit MySpace in 2005 by exploiting a cross site scripting vulnerability in a MySpace web application infected about one million victims within 24 hours [13].
    [Show full text]
  • A Study of XSS Worm Propagation and Detection Mechanisms in Online Social Networks Mohammad Reza Faghani, Student Member, IEEE, and Uyen Trang Nguyen,Member,IEEE
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013 1815 A Study of XSS Worm Propagation and Detection Mechanisms in Online Social Networks Mohammad Reza Faghani, Student Member, IEEE, and Uyen Trang Nguyen,Member,IEEE Abstract—We present analytical models and simulationresults creator embeds the malicious code into his/her (usually fake) that characterize the impacts of the following factors on the profile or wall. In the second step, any person who subsequently propagation of cross-site scripting (XSS) worms in online social visits the infected profile will inadvertently execute the em- networks (OSNs): 1) user behaviors, namely, the probability of visiting a friend’s profile versus a stranger’s; 2) the highly bedded malicious code. An XSS flaw (such as the one exploited clustered structure of communities; and 3) community sizes. Our by Samy) will help the worm to execute the malicious code in analyses and simulation results show that the clustered structure the visitor’s browser while an AJAX (Asynchronous JavaScript of a community and users’ tendency to visit their friends more and XML) technology unintentionally enables the code to often than strangers help slow down the propagation of XSS embed itself into the visitor’s profile. The visitor’s profile then worms in OSNs. We then present a study of selective monitoring schemes that are more resource efficient than the exhaustive becomes infected, which allows the worm to propagate further checking approach used by the Facebook detection system which in the OSN [1]. monitors every possible read and write operation of every user There has not been any in-depth research on XSS worms and in the network.
    [Show full text]
  • Web 2.0 Vulnerabilities
    Web 2.0 Vulnerabilities "A Thesis Presented in Partial Fulfillment of the Requirements for the Degree of Masters of Science in Forensic Computing, John Jay College of Criminal Justice of the City University of New York" Mark Aaron Frankel August 2008 i Abstract The World Wide Web has changed. Internet users no longer read static pages published by webmasters alone. Today, the nature of the Web is that of interaction and collaboration and has been dubbed the Web 2.0 phenomenon by some. Web 2.0 represents a social upgrade to the way that users have come to know the Web. Websites now allow users to add and change content, thereby making a site their own space. Unfortunately, the technology that makes this all possible is vulnerable to attack. The very freedom that defines the Web 2.0 movement flaws it as well. The problem should be fixed in a way that does not hinder the innovation that Web 2.0 allows. This work looks at the problem by examining the vulnerabilities, quantifying the severity of the threat and ultimately offering solutions – both existing and new. ii Introduction There is no short answer to the question “What is Web 2.0?” In its simplest form, it could be described as the interactive and collaborative World Wide Web. Web 2.0 is characterized by a user’s ability to post content on the web. Examples of Web 2.0 services include Wikipedia, YouTube and the various social networking sites, which provide facilities to allow users to upload information - everything from text, graphics, video, etc.
    [Show full text]